The Data Protection Principles

The data protection rules contain the following principles that you, as a data controller, must always comply with:

  1. Lawfulness, fairness and transparency: Processing must comply with the data protection rules and be transparent
  2. Purpose of limitation: In the case of collection, it must be clear for which purpose the data are to be used. Subsequent treatment must not be incompatible with these objectives
  3. Data minimization: Processing, including the storage of data, shall be limited to what is necessary to achieve the purpose
  4. Accuracy: Information shall be updated and incorrect data shall be deleted or rectified
  5. Storage limitation: Where data no longer need to be processed, it shall be anonymized or deleted
  6. Integrity and confidentiality: Information shall not be disclosed to unauthorized persons, get lost or damaged


Learn more on the EDPB's website

Find more information regarding your obligations on the European Commission's website.